camel-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r944021 - in /websites/production/camel/content: ./ 2015/03/16/ cache/ security-advisories.data/
Date Mon, 16 Mar 2015 21:19:23 GMT
Author: buildbot
Date: Mon Mar 16 21:19:23 2015
New Revision: 944021

Log:
Production update by buildbot for camel

Added:
    websites/production/camel/content/2015/03/16/
    websites/production/camel/content/2015/03/16/cve-2015-0263-and-cve-2015-0264-apache-camel-medium-disclosure-vulnerability.html
    websites/production/camel/content/security-advisories.data/CVE-2015-0263.txt.asc
    websites/production/camel/content/security-advisories.data/CVE-2015-0264.txt.asc
Modified:
    websites/production/camel/content/cache/main.pageCache
    websites/production/camel/content/index.html
    websites/production/camel/content/news.html
    websites/production/camel/content/security-advisories.html

Added: websites/production/camel/content/2015/03/16/cve-2015-0263-and-cve-2015-0264-apache-camel-medium-disclosure-vulnerability.html
==============================================================================
--- websites/production/camel/content/2015/03/16/cve-2015-0263-and-cve-2015-0264-apache-camel-medium-disclosure-vulnerability.html
(added)
+++ websites/production/camel/content/2015/03/16/cve-2015-0263-and-cve-2015-0264-apache-camel-medium-disclosure-vulnerability.html
Mon Mar 16 21:19:23 2015
@@ -0,0 +1,147 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<html>
+<head>
+    <link href="//camel.apache.org/styles/site.css" rel="stylesheet" type="text/css">
+    <link href="//camel.apache.org/styles/type-settings.css" rel="stylesheet" type="text/css">
+    <script src="//camel.apache.org/styles/prototype.js" type="text/javascript"></script>
+    <script src="//camel.apache.org/styles/rico.js" type="text/javascript"></script>
   
+    <script src="//camel.apache.org/styles/site.js" type="text/javascript"></script>
+
+    <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+
+    <style type="text/css">
+      .maincontent { overflow:hidden; }
+    </style>
+    <!--[if IE]>
+    <style type="text/css">
+      .maincontent { width:100%; }
+    </style>
+    <![endif]-->
+
+
+
+    <title>
+    Apache Camel: CVE-2015-0263 and CVE-2015-0264 - Apache Camel medium disclosure vulnerability
+    </title>
+</head>
+<body>
+<div class="white_box">
+<div class="header">
+  <div class="header_l">
+    <div class="header_r">
+    </div>
+  </div>
+</div>
+<div class="content">
+  <div class="content_l">
+    <div class="content_r">
+      <div>
+          <!-- Banner -->
+<div id="banner-content"><div id="asf_logo">
+	<div id="activemq_logo" style="height:108px; background:transparent url(banner.data/apache-camel-7.png)
no-repeat scroll left top;">
+            <a shape="rect" style="float:left; width:310px;display:block;text-indent:-5000px;text-decoration:none;line-height:140px;
margin-top:20px; margin-left:18px;" href="http://camel.apache.org/">Camel</a>
+            <a shape="rect" style="float:right; width:180px;display:block;text-indent:-5000px;text-decoration:none;line-height:80px;
margin-top:45px; margin-right:10px;" href="http://www.apache.org">Apache</a>
+	</div>
+</div></div>
+          <!-- Banner -->
+        <div class="top_red_bar">
+          <div id="site-breadcrumbs">
+                <!-- Breadcrumbs -->
+<a href="../../../index.html">Apache Camel</a>&nbsp;&gt;&nbsp;2015&nbsp;&gt;&nbsp;03&nbsp;&gt;&nbsp;16&nbsp;&gt;&nbsp;<a
href="cve-2015-0263-and-cve-2015-0264-apache-camel-medium-disclosure-vulnerability.html">CVE-2015-0263
and CVE-2015-0264 - Apache Camel medium disclosure vulnerability</a>
+          </div>
+          <!-- Quicklinks -->
+<div id="site-quicklinks"><p><a shape="rect" href="download.html">Download</a>
| <a shape="rect" href="javadoc.html">JavaDoc</a> | <a shape="rect" href="source.html">Source</a>
| <a shape="rect" href="discussion-forums.html">Forums</a> | <a shape="rect"
href="support.html">Support</a></p></div>
+          <!-- Quicklinks -->
+        </div>
+
+	<table border="0">
+	<tbody>
+        <tr>
+        <td valign="top" width="100%">
+<div class="wiki-content maincontent"><p>If you are using Apache Camel to route
XML messages, please note that the security advisories CVE-2015-0263 and CVE-2015-0264 may
affect you.<br clear="none"><br clear="none">Please study these critical security
vulnerability carefully!<br clear="none"><br clear="none"><a shape="rect" class="external-link"
href="http://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc?version=1&amp;modificationDate=1426539178647&amp;api=v2">CVE-2015-0263</a><a
shape="rect" href="cve-2015-0263-and-cve-2015-0264-apache-camel-medium-disclosure-vulnerability.data/CVE-2015-0263.txt.asc?version=1&amp;modificationDate=1426539178647&amp;api=v2"
rel="nofollow"><br clear="none"></a><a shape="rect" class="external-link"
href="http://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc?version=1&amp;modificationDate=1426539191142&amp;api=v2">CVE-2015-0264</a><br
clear="none"><br clear="none">You can <a shape="rect" class="external-link" href="htt
 p://camel.apache.org/download">download</a> the fixed Apache Camel 2.13.x and 2.14.x
version from the Apache mirrors or from the Central Maven repository.<br clear="none"><br
clear="none">On behalf of the Camel PMC,<br clear="none">Christian</p></div>
+        </td>
+        <td valign="top">
+          <div class="navigation">
+            <div class="navigation_top">
+                <!-- NavigationBar -->
+<div class="navigation_bottom" id="navigation_bottom"><h3 id="Navigation-Overview"><a
shape="rect" href="overview.html">Overview</a></h3><ul class="alternate"><li><a
shape="rect" href="index.html">Home</a></li><li><a shape="rect" href="download.html">Download</a></li><li><a
shape="rect" href="getting-started.html">Getting Started</a></li><li><a
shape="rect" href="faq.html">FAQ</a></li></ul><h3 id="Navigation-Documentation"><a
shape="rect" href="documentation.html">Documentation</a></h3><ul class="alternate"><li><a
shape="rect" href="user-guide.html">User Guide</a></li><li><a shape="rect"
href="manual.html">Manual</a></li><li><a shape="rect" href="books.html">Books</a></li><li><a
shape="rect" href="tutorials.html">Tutorials</a></li><li><a shape="rect"
href="examples.html">Examples</a></li><li><a shape="rect" href="cookbook.html">Cookbook</a></li><li><a
shape="rect" href="architecture.html">Architecture</a></li><li><a
shape="rect" href="enterprise-integration-patterns.html">Enterprise
  Integration Patterns</a></li><li><a shape="rect" href="dsl.html">DSL</a></li><li><a
shape="rect" href="components.html">Components</a></li><li><a shape="rect"
href="data-format.html">Data Format</a></li><li><a shape="rect" href="languages.html">Languages</a></li><li><a
shape="rect" href="security.html">Security</a></li><li><a shape="rect"
href="security-advisories.html">Security Advisories</a></li></ul><h3
id="Navigation-Search">Search</h3><form enctype="application/x-www-form-urlencoded"
method="get" id="cse-search-box" action="http://www.google.com/cse">
+  <div>
+    <input type="hidden" name="cx" value="007878419884033443453:m5nhvy4hmyq">
+    <input type="hidden" name="ie" value="UTF-8">
+    <input type="text" name="q" size="21">
+    <input type="submit" name="sa" value="Search">
+  </div>
+</form>
+<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&amp;lang=en"></script><h3
id="Navigation-Community"><a shape="rect" href="community.html">Community</a></h3><ul
class="alternate"><li><a shape="rect" href="support.html">Support</a></li><li><a
shape="rect" href="contributing.html">Contributing</a></li><li><a
shape="rect" href="discussion-forums.html">Discussion Forums</a></li><li><a
shape="rect" href="mailing-lists.html">Mailing Lists</a></li><li><a
shape="rect" href="user-stories.html">User Stories</a></li><li><a
shape="rect" href="news.html">News</a></li><li><a shape="rect" href="articles.html">Articles</a></li><li><a
shape="rect" href="site.html">Site</a></li><li><a shape="rect" href="team.html">Team</a></li><li><a
shape="rect" class="external-link" href="http://camel-extra.googlecode.com/" rel="nofollow">Camel
Extra</a></li></ul><h3 id="Navigation-Developers"><a shape="rect"
href="developers.html">Developers</a></h3><ul class="alternate"
 ><li><a shape="rect" href="developers.html">Developer Guide</a></li><li><a
shape="rect" href="source.html">Source</a></li><li><a shape="rect"
href="building.html">Building</a></li><li><a shape="rect" href="javadoc.html">JavaDoc</a></li><li><a
shape="rect" href="irc-room.html">IRC Room</a></li></ul><h3 id="Navigation-ApacheSoftwareFoundation">Apache
Software Foundation</h3><ul class="alternate"><li><a shape="rect" class="external-link"
href="http://www.apache.org/licenses/">License</a></li><li><a shape="rect"
class="external-link" href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li><li><a
shape="rect" class="external-link" href="http://www.apache.org/foundation/thanks.html">Thanks</a></li><li><a
shape="rect" class="external-link" href="http://www.apache.org/security/">Security</a></li></ul></div>
+                <!-- NavigationBar -->
+            </div>
+          </div>
+        </td>
+        </tr>
+	</tbody>
+        </table>
+
+
+        <div class="bottom_red_bar"></div>
+      </div>
+    </div>
+  </div>
+</div>
+<div class="black_box">
+<div class="footer">
+  <div class="footer_l">
+    <div class="footer_r">
+      <div>
+        <a href="$base/privacy-policy.html">Privacy Policy</a> -
+        (<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=53741555">edit
page</a>)
+   	 (<a href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=53741555&amp;showComments=true&amp;showCommentArea=true#addcomment">add
comment</a>)
+      </div>
+    </div>
+  </div>
+</div>
+</div>
+</div>
+<div class="design_attribution">
+&copy; 2004-2014 The Apache Software Foundation.
+<br>          
+Apache Camel, Camel, Apache, the Apache feather logo, and the Apache Camel project logo are
trademarks of The Apache Software Foundation.  All other marks mentioned may be trademarks
or registered trademarks of their respective owners.
+<br>
+<a href="http://hiramchirino.com">Graphic Design By Hiram</a>
+</div>
+
+<!-- Camel committers that would like access to the Analytics, send a note to private@camel.apache.org
-->
+<script type="text/javascript">
+
+  var _gaq = _gaq || [];
+  _gaq.push(['_setAccount', 'UA-25976253-1']);
+  _gaq.push(['_trackPageview']);
+
+  (function() {
+    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+  })();
+
+</script>
+
+</body>
+</html>
+
+

Modified: websites/production/camel/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/camel/content/index.html
==============================================================================
--- websites/production/camel/content/index.html (original)
+++ websites/production/camel/content/index.html Mon Mar 16 21:19:23 2015
@@ -105,17 +105,17 @@ There's a great discussion about Camel a
 </p><div class="blog-post-listing">
             <div class="logo-heading-block">
             <span class="logoBlock">
-                <a shape="rect" class="userLogoLink" href="    /confluence/display/~njiang
">
-               <img class="userLogo logo" src="index.userimage/njiang-38992-pp-pic.jpeg"
alt="User icon: njiang" title="njiang">
+                <a shape="rect" class="userLogoLink" href="    /confluence/display/~muellerc
">
+               <img class="userLogo logo" src="index.userimage/muellerc-38851-pp-christian.png"
alt="User icon: muellerc" title="muellerc">
            </a>            </span>
             <span class="blogHeading">
-                <a shape="rect" class="blogHeading" href="2015/03/11/apache-camel-2150-released.html">Apache
Camel 2.15.0 Released</a>
-                </span><div class="page-metadata not-personal"><a shape="rect"
class="url fn confluence-userlink" href="    /confluence/display/~njiang ">willem jiang</a>
posted on Mar 11, 2015</div>
+                <a shape="rect" class="blogHeading" href="2015/03/16/cve-2015-0263-and-cve-2015-0264-apache-camel-medium-disclosure-vulnerability.html">CVE-2015-0263
and CVE-2015-0264 - Apache Camel medium disclosure vulnerability</a>
+                </span><div class="page-metadata not-personal"><a shape="rect"
class="url fn confluence-userlink" href="    /confluence/display/~muellerc ">Christian
Mueller</a> posted on Mar 16, 2015</div>
             
         </div>
     
     <div class="wiki-content">
-        <p class="p1">The Camel community announces the immediate availability of the
new major release Camel 2.15.0. This release contains a total of 500+ fixes applied in the
past 6 months by the community on the Camel master branch. &#160;</p><p class="p1">The
artifacts are published and ready for you to <a shape="rect" class="external-link" href="http://camel.apache.org/download.html">download</a>
either from the Apache mirrors or from the Central Maven repository. For more details please
take a look at the <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327940&amp;styleName=&amp;projectId=12311211">release
notes</a>. &#160;&#160;</p><p class="p1">Many thanks to all who
made this release possible. &#160;&#160;</p><p class="p1">On behalf of
the Camel PMC, &#160;&#160;</p><p class="p1">Willem</p>
+        <p>If you are using Apache Camel to route XML messages, please note that the
security advisories CVE-2015-0263 and CVE-2015-0264 may affect you.<br clear="none"><br
clear="none">Please study these critical security vulnerability carefully!<br clear="none"><br
clear="none"><a shape="rect" class="external-link" href="http://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc?version=1&amp;modificationDate=1426539178647&amp;api=v2">CVE-2015-0263</a><a
shape="rect" href="index.data/CVE-2015-0263.txt.asc?version=1&amp;modificationDate=1426539178647&amp;api=v2"
rel="nofollow"><br clear="none"></a><a shape="rect" class="external-link"
href="http://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc?version=1&amp;modificationDate=1426539191142&amp;api=v2">CVE-2015-0264</a><br
clear="none"><br clear="none">You can <a shape="rect" class="external-link" href="http://camel.apache.org/download">download</a>
the fixed Apache Camel 2.13.x and 2.14.x version from the
  Apache mirrors or from the Central Maven repository.<br clear="none"><br clear="none">On
behalf of the Camel PMC,<br clear="none">Christian</p>
     </div>
     
         
@@ -129,13 +129,13 @@ There's a great discussion about Camel a
                <img class="userLogo logo" src="index.userimage/njiang-38992-pp-pic.jpeg"
alt="User icon: njiang" title="njiang">
            </a>            </span>
             <span class="blogHeading">
-                <a shape="rect" class="blogHeading" href="2015/03/11/apache-camel-2134-released.html">Apache
Camel 2.13.4 released</a>
+                <a shape="rect" class="blogHeading" href="2015/03/11/apache-camel-2150-released.html">Apache
Camel 2.15.0 Released</a>
                 </span><div class="page-metadata not-personal"><a shape="rect"
class="url fn confluence-userlink" href="    /confluence/display/~njiang ">willem jiang</a>
posted on Mar 11, 2015</div>
             
         </div>
     
     <div class="wiki-content">
-        <p>The Camel community announces the immediate availability of the new patch
release Camel 2.13.4. This release contains a total of 81 fixes applied in the past 3 months
by the community on the Camel 2.13.x maintenance branch.</p><p>The artifacts are
published and ready for you to&#160;<a shape="rect" class="external-link" href="http://camel.apache.org/download.html">download</a>&#160;either
from the Apache mirrors or from the Central Maven repository. For more details please take
a look at the&#160;<a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12328899&amp;styleName=&amp;projectId=12311211">release
notes</a><a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12324786&amp;projectId=12311211">.</a></p><p>Many
thanks to all who made this release possible.</p><p>On behalf of the Camel PMC,</p><p>Willem</p>
+        <p class="p1">The Camel community announces the immediate availability of the
new major release Camel 2.15.0. This release contains a total of 500+ fixes applied in the
past 6 months by the community on the Camel master branch. &#160;</p><p class="p1">The
artifacts are published and ready for you to <a shape="rect" class="external-link" href="http://camel.apache.org/download.html">download</a>
either from the Apache mirrors or from the Central Maven repository. For more details please
take a look at the <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327940&amp;styleName=&amp;projectId=12311211">release
notes</a>. &#160;&#160;</p><p class="p1">Many thanks to all who
made this release possible. &#160;&#160;</p><p class="p1">On behalf of
the Camel PMC, &#160;&#160;</p><p class="p1">Willem</p>
     </div>
     
         
@@ -149,13 +149,13 @@ There's a great discussion about Camel a
                <img class="userLogo logo" src="index.userimage/njiang-38992-pp-pic.jpeg"
alt="User icon: njiang" title="njiang">
            </a>            </span>
             <span class="blogHeading">
-                <a shape="rect" class="blogHeading" href="2015/03/11/apache-camel-2142.html">Apache
Camel 2.14.2</a>
+                <a shape="rect" class="blogHeading" href="2015/03/11/apache-camel-2134-released.html">Apache
Camel 2.13.4 released</a>
                 </span><div class="page-metadata not-personal"><a shape="rect"
class="url fn confluence-userlink" href="    /confluence/display/~njiang ">willem jiang</a>
posted on Mar 11, 2015</div>
             
         </div>
     
     <div class="wiki-content">
-        <p>The Camel community announces the immediate availability of the new patch
release Camel 2.14.2. This release contains a total of&#160;101 fixes applied in the past
3 months by the community on the Camel 2.14.x maintenance branch.</p><p>The artifacts
are published and ready for you to&#160;<a shape="rect" class="external-link" href="http://camel.apache.org/download.html">download</a>&#160;either
from the Apache mirrors or from the Central Maven repository. For more details please take
a look at the&#160;<a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12329070&amp;styleName=Html&amp;projectId=12311211">release
notes</a><a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12324786&amp;projectId=12311211">.</a></p><p>Many
thanks to all who made this release possible.</p><p>On behalf of the Camel PMC,</p><p>Willem</p>
+        <p>The Camel community announces the immediate availability of the new patch
release Camel 2.13.4. This release contains a total of 81 fixes applied in the past 3 months
by the community on the Camel 2.13.x maintenance branch.</p><p>The artifacts are
published and ready for you to&#160;<a shape="rect" class="external-link" href="http://camel.apache.org/download.html">download</a>&#160;either
from the Apache mirrors or from the Central Maven repository. For more details please take
a look at the&#160;<a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12328899&amp;styleName=&amp;projectId=12311211">release
notes</a><a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12324786&amp;projectId=12311211">.</a></p><p>Many
thanks to all who made this release possible.</p><p>On behalf of the Camel PMC,</p><p>Willem</p>
     </div>
     
         
@@ -169,13 +169,13 @@ There's a great discussion about Camel a
                <img class="userLogo logo" src="index.userimage/njiang-38992-pp-pic.jpeg"
alt="User icon: njiang" title="njiang">
            </a>            </span>
             <span class="blogHeading">
-                <a shape="rect" class="blogHeading" href="2014/12/17/camel-2141-released.html">Camel
2.14.1 released</a>
-                </span><div class="page-metadata not-personal"><a shape="rect"
class="url fn confluence-userlink" href="    /confluence/display/~njiang ">willem jiang</a>
posted on Dec 17, 2014</div>
+                <a shape="rect" class="blogHeading" href="2015/03/11/apache-camel-2142.html">Apache
Camel 2.14.2</a>
+                </span><div class="page-metadata not-personal"><a shape="rect"
class="url fn confluence-userlink" href="    /confluence/display/~njiang ">willem jiang</a>
posted on Mar 11, 2015</div>
             
         </div>
     
     <div class="wiki-content">
-        <div class="wiki-content"><p>The Camel community announces the immediate
availability of the new patch release Camel 2.14.1. This release contains a total of&#160;139
fixes applied in the past 3 months by the community on the Camel 2.14.x maintenance branch.</p><p>The
artifacts are published and ready for you to&#160;<a shape="rect" class="external-link"
href="http://camel.apache.org/download.html">download</a>&#160;either from the
Apache mirrors or from the Central Maven repository. For more details please take a look at
the&#160;<a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327941&amp;styleName=&amp;projectId=12311211">release
notes</a><a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12324786&amp;projectId=12311211">.</a></p><p>Many
thanks to all who made this release possible.</p><p>On behalf of the Camel PMC,</p><p>Willem</p></div>
+        <p>The Camel community announces the immediate availability of the new patch
release Camel 2.14.2. This release contains a total of&#160;101 fixes applied in the past
3 months by the community on the Camel 2.14.x maintenance branch.</p><p>The artifacts
are published and ready for you to&#160;<a shape="rect" class="external-link" href="http://camel.apache.org/download.html">download</a>&#160;either
from the Apache mirrors or from the Central Maven repository. For more details please take
a look at the&#160;<a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12329070&amp;styleName=Html&amp;projectId=12311211">release
notes</a><a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12324786&amp;projectId=12311211">.</a></p><p>Many
thanks to all who made this release possible.</p><p>On behalf of the Camel PMC,</p><p>Willem</p>
     </div>
     
         
@@ -185,17 +185,17 @@ There's a great discussion about Camel a
 <div class="blog-post-listing">
             <div class="logo-heading-block">
             <span class="logoBlock">
-                <a shape="rect" class="userLogoLink" href="    /confluence/display/~muellerc
">
-               <img class="userLogo logo" src="index.userimage/muellerc-38851-pp-christian.png"
alt="User icon: muellerc" title="muellerc">
+                <a shape="rect" class="userLogoLink" href="    /confluence/display/~njiang
">
+               <img class="userLogo logo" src="index.userimage/njiang-38992-pp-pic.jpeg"
alt="User icon: njiang" title="njiang">
            </a>            </span>
             <span class="blogHeading">
-                <a shape="rect" class="blogHeading" href="2014/11/09/welcome-colm-o-heigeartaigh-as-the-newest-camel-rider.html">Welcome
Colm O hEigeartaigh as the newest Camel Rider</a>
-                </span><div class="page-metadata not-personal"><a shape="rect"
class="url fn confluence-userlink" href="    /confluence/display/~muellerc ">Christian
Mueller</a> posted on Nov 09, 2014</div>
+                <a shape="rect" class="blogHeading" href="2014/12/17/camel-2141-released.html">Camel
2.14.1 released</a>
+                </span><div class="page-metadata not-personal"><a shape="rect"
class="url fn confluence-userlink" href="    /confluence/display/~njiang ">willem jiang</a>
posted on Dec 17, 2014</div>
             
         </div>
     
     <div class="wiki-content">
-        <p>Six days ago the Camel PMC voted another one of the very active and talented
contributors to become a committer.</p><p>&#160;</p><p>Colm O
hEigeartaigh is actively involved with Apache Camel since months contributing code and helping
other users. Colm proactively worked on reported issues and took them to resolution acting
as a committer. He is an Apache Member and already in the PMC for Apache CXF, Incubator, Santaurio
(chair), Syncope and WS and know how Apache works. In recognition of his work, the PMC only
had to take care of the simple task of making that official. A few days ago, Colm got his
committer account setup, concluding the process of becoming the newest Camel rider. Stay tuned
for his first official commit. (wink)</p><p>&#160;</p><p>On behalf
of the Camel PMC, welcome aboard Colm and keep up the great work!</p><p>Christian</p><p>&#160;</p><p>&#160;</p>
+        <div class="wiki-content"><p>The Camel community announces the immediate
availability of the new patch release Camel 2.14.1. This release contains a total of&#160;139
fixes applied in the past 3 months by the community on the Camel 2.14.x maintenance branch.</p><p>The
artifacts are published and ready for you to&#160;<a shape="rect" class="external-link"
href="http://camel.apache.org/download.html">download</a>&#160;either from the
Apache mirrors or from the Central Maven repository. For more details please take a look at
the&#160;<a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327941&amp;styleName=&amp;projectId=12311211">release
notes</a><a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12324786&amp;projectId=12311211">.</a></p><p>Many
thanks to all who made this release possible.</p><p>On behalf of the Camel PMC,</p><p>Willem</p></div>
     </div>
     
         
@@ -209,13 +209,13 @@ There's a great discussion about Camel a
                <img class="userLogo logo" src="index.userimage/muellerc-38851-pp-christian.png"
alt="User icon: muellerc" title="muellerc">
            </a>            </span>
             <span class="blogHeading">
-                <a shape="rect" class="blogHeading" href="2014/10/31/apache-camel-2133-released.html">Apache
Camel 2.13.3 released</a>
-                </span><div class="page-metadata not-personal"><a shape="rect"
class="url fn confluence-userlink" href="    /confluence/display/~muellerc ">Christian
Mueller</a> posted on Oct 31, 2014</div>
+                <a shape="rect" class="blogHeading" href="2014/11/09/welcome-colm-o-heigeartaigh-as-the-newest-camel-rider.html">Welcome
Colm O hEigeartaigh as the newest Camel Rider</a>
+                </span><div class="page-metadata not-personal"><a shape="rect"
class="url fn confluence-userlink" href="    /confluence/display/~muellerc ">Christian
Mueller</a> posted on Nov 09, 2014</div>
             
         </div>
     
     <div class="wiki-content">
-        <p>The Camel community announces the immediate availability of the new patch
release Camel 2.13.3. This bug fix release is issued after more than 3 months of intense efforts
of the Camel 2.13.x maintenance branch and resolves 103 issues in total.</p><p>The
artifacts are published and ready for you to <a shape="rect" class="external-link" href="http://camel.apache.org/download.html">download</a>
either from the Apache mirrors or from the Central Maven repository. For more details please
take a look at the <a shape="rect" class="external-link" href="http://camel.apache.org/camel-2133-release.html">release
notes</a>.</p><p>Many thanks to all who made this release possible.</p><p>&#160;</p><p>On
behalf of the Camel PMC,</p><p>Christian</p>
+        <p>Six days ago the Camel PMC voted another one of the very active and talented
contributors to become a committer.</p><p>&#160;</p><p>Colm O
hEigeartaigh is actively involved with Apache Camel since months contributing code and helping
other users. Colm proactively worked on reported issues and took them to resolution acting
as a committer. He is an Apache Member and already in the PMC for Apache CXF, Incubator, Santaurio
(chair), Syncope and WS and know how Apache works. In recognition of his work, the PMC only
had to take care of the simple task of making that official. A few days ago, Colm got his
committer account setup, concluding the process of becoming the newest Camel rider. Stay tuned
for his first official commit. (wink)</p><p>&#160;</p><p>On behalf
of the Camel PMC, welcome aboard Colm and keep up the great work!</p><p>Christian</p><p>&#160;</p><p>&#160;</p>
     </div>
     
         

Modified: websites/production/camel/content/news.html
==============================================================================
--- websites/production/camel/content/news.html (original)
+++ websites/production/camel/content/news.html Mon Mar 16 21:19:23 2015
@@ -84,6 +84,26 @@
 <div class="blog-post-listing">
             <div class="logo-heading-block">
             <span class="logoBlock">
+                <a shape="rect" class="userLogoLink" href="    /confluence/display/~muellerc
">
+               <img class="userLogo logo" src="news.userimage/muellerc-38851-pp-christian.png"
alt="User icon: muellerc" title="muellerc">
+           </a>            </span>
+            <span class="blogHeading">
+                <a shape="rect" class="blogHeading" href="2015/03/16/cve-2015-0263-and-cve-2015-0264-apache-camel-medium-disclosure-vulnerability.html">CVE-2015-0263
and CVE-2015-0264 - Apache Camel medium disclosure vulnerability</a>
+                </span><div class="page-metadata not-personal"><a shape="rect"
class="url fn confluence-userlink" href="    /confluence/display/~muellerc ">Christian
Mueller</a> posted on Mar 16, 2015</div>
+            
+        </div>
+    
+    <div class="wiki-content">
+        <p>If you are using Apache Camel to route XML messages, please note that the
security advisories CVE-2015-0263 and CVE-2015-0264 may affect you.<br clear="none"><br
clear="none">Please study these critical security vulnerability carefully!<br clear="none"><br
clear="none"><a shape="rect" class="external-link" href="http://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc?version=1&amp;modificationDate=1426539178647&amp;api=v2">CVE-2015-0263</a><a
shape="rect" href="news.data/CVE-2015-0263.txt.asc?version=1&amp;modificationDate=1426539178647&amp;api=v2"
rel="nofollow"><br clear="none"></a><a shape="rect" class="external-link"
href="http://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc?version=1&amp;modificationDate=1426539191142&amp;api=v2">CVE-2015-0264</a><br
clear="none"><br clear="none">You can <a shape="rect" class="external-link" href="http://camel.apache.org/download">download</a>
the fixed Apache Camel 2.13.x and 2.14.x version from the 
 Apache mirrors or from the Central Maven repository.<br clear="none"><br clear="none">On
behalf of the Camel PMC,<br clear="none">Christian</p>
+    </div>
+    
+        
+    </div>
+    
+        
+<div class="blog-post-listing">
+            <div class="logo-heading-block">
+            <span class="logoBlock">
                 <a shape="rect" class="userLogoLink" href="    /confluence/display/~njiang
">
                <img class="userLogo logo" src="news.userimage/njiang-38992-pp-pic.jpeg"
alt="User icon: njiang" title="njiang">
            </a>            </span>
@@ -465,32 +485,6 @@ Hadrian</p>
     </div>
     
         
-    </div>
-    
-        
-<div class="blog-post-listing">
-            <div class="logo-heading-block">
-            <span class="logoBlock">
-                <a shape="rect" class="userLogoLink" href="    /confluence/display/~muellerc
">
-               <img class="userLogo logo" src="news.userimage/muellerc-38851-pp-christian.png"
alt="User icon: muellerc" title="muellerc">
-           </a>            </span>
-            <span class="blogHeading">
-                <a shape="rect" class="blogHeading" href="2013/10/10/we-welcome-a-new-committer-and-pmc-member.html">We
welcome a new committer and PMC member</a>
-                </span><div class="page-metadata not-personal"><a shape="rect"
class="url fn confluence-userlink" href="    /confluence/display/~muellerc ">Christian
Mueller</a> posted on Oct 10, 2013</div>
-            
-        </div>
-    
-    <div class="wiki-content">
-        <p>The Camel Riders are growing their ranks again after only a few short months.
We are pleasantly surprised ourselves with the growth of our community the increased interest
in Camel and the quantity and quality of contributions. As a result we want to welcome as
committer and PMC member James Carman who stuck with us and consistently helped out.</p>
-
-<p>James Carman has been around Camel for quite some time and has contributed some
patches and helped with non trivial tasks and fixes. He demonstrated that he is both willing
and capable of taking responsibilities that go beyond the code and involve the future of the
project. With his involvement in other Apache projects he will also be a great addition to
the team.</p>
-
-<p>On behalf of the Camel PMC, welcome aboard and we expect more great things coming
from you!<br clear="none">
-Christian M&#252;ller,<br clear="none">
-VP, Apache Camel</p>
-    </div>
-    
-        
     </div>
     </div>
         </td>

Added: websites/production/camel/content/security-advisories.data/CVE-2015-0263.txt.asc
==============================================================================
--- websites/production/camel/content/security-advisories.data/CVE-2015-0263.txt.asc (added)
+++ websites/production/camel/content/security-advisories.data/CVE-2015-0263.txt.asc Mon Mar
16 21:19:23 2015
@@ -0,0 +1,38 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+
+CVE-2015-0263: Apache Camel medium disclosure vulnerability
+
+Severity: MEDIUM
+
+Vendor: The Apache Software Foundation
+
+Versions Affected: Camel 2.13.0 to 2.13.3, Camel 2.14.0 to 2.14.1
+The unsupported Camel 2.3.x, 2.4.x, 2.5.x, 2.6.x, 2.7.x, 2.8.x, 2.9.x, 2.10.x, 2.11.x and
2.12.x versions may be also affected.
+
+Description: The XML converter setup in Apache Camel allows remote attackers to read arbitrary
files via an SAXSource containing an XML External Entity (XXE) declaration.
+
+Mitigation: 2.13.x users should upgrade to 2.13.4, 2.14.x users should upgrade to 2.14.2.
This patch will be included from Camel 2.15.0: https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36
+
+Credit: This issue was discovered by Stephan Siano.
+
+References: http://camel.apache.org/security-advisories.html
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
+Comment: GPGTools - http://gpgtools.org
+
+iQIcBAEBAgAGBQJU/sahAAoJEImh9lEqI5wsKmkQAIPMcNnEvWWolihdFlC+4nQn
+Fo39aZ+nr6mH38PgH1Ho2wGPYYX6j6r41cJIOtU5lZzSmC8yaX5tEavm0bKK9XJu
+ScNKixYwxSejF326CKlm2Nl9X26OtZaPSrCyXn9fdFtvkSyo2qcypbYkIGujZW9R
+8sKLKHPgCupBjrDh0271D2BEw9eqZvNsKeBE2o/sePcHy5dhS8GQdKbBmfF1tDDl
+lfAWr+djLJ018X10krVek7GWajdXiZEsMmUZZ6i+Ao0Y9dTguVjTRxcO6gHPM4xq
+AyyDBF2tT2/JvP6QzeaspAI9Wpjr2CD0HKS3eURsfghsjWNklueYeEc/kE/5Usls
+4WiM2MCMPfhef5uY2cbt+BEeouAkIvNdyjzadEdIHJYzqwyWdTwuuabNG+X2zI+m
++Sz0aepvpAXdWrfNFAiiGrzIDRVnZsTjEQ8THAeoSND08e111cy0S2TmKhVlljF+
+Ag5gqduoReWnIrksxJ5M0wkaOfubBgactRFoc8ZhIdmyY8xbiFJmywI9sZ1aTP5s
+tV/hFq7hcGCDqwFAHFsYRoXecfVHWEN/zr0MjXpQ6xT3f8Jedeamq1ZiaBDtfM5p
+SHumY30Tc+cCBV3nFVjxM+zAcFQ8gjnORnZEnZ2F+HQaJHZzQOLWZ6V/urcuHUzu
+HWeqvw4nphzuGl88Vv1M
+=IvV+
+-----END PGP SIGNATURE-----

Added: websites/production/camel/content/security-advisories.data/CVE-2015-0264.txt.asc
==============================================================================
--- websites/production/camel/content/security-advisories.data/CVE-2015-0264.txt.asc (added)
+++ websites/production/camel/content/security-advisories.data/CVE-2015-0264.txt.asc Mon Mar
16 21:19:23 2015
@@ -0,0 +1,38 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+
+CVE-2015-0264: Apache Camel medium disclosure vulnerability
+
+Severity: MEDIUM
+
+Vendor: The Apache Software Foundation
+
+Versions Affected: Camel 2.13.0 to 2.13.3, Camel 2.14.0 to 2.14.1
+The unsupported Camel 2.3.x, 2.4.x, 2.5.x, 2.6.x, 2.7.x, 2.8.x, 2.9.x, 2.10.x, 2.11.x and
2.12.x versions may be also affected.
+
+Description: The XPath handling in Apache Camel for invalid XML Strings or invalid XML GenericFile
objects allows remote attackers to read arbitrary files via an XML External Entity (XXE) declaration.
The XML External Entity (XXE) will be resolved before the Exception is thrown.
+
+Mitigation: 2.13.x users should upgrade to 2.13.4, 2.14.x users should upgrade to 2.14.2.
This patch will be included from Camel 2.15.0: https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=1df559649a96a1ca0368373387e542f46e4820da
+
+Credit: This issue was discovered by Stephan Siano.
+
+References: http://camel.apache.org/security-advisories.html
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
+Comment: GPGTools - http://gpgtools.org
+
+iQIcBAEBAgAGBQJU/saFAAoJEImh9lEqI5wsh5MQALhKWptMPv5ktFPxVcqORosf
+wXiUWvqL4MM67ZDzf4EqsOdMUWtoFB9gPD7ZUU529yji5uzEdPibrkvlPUUBkR6n
+funLrsIK3/rFsY/UFWJxGpm0ZWRbp+XqS8iykU27jsACQFPZVSTeURkYHAvKbwOj
+s6kAfF72y229kDGi12CP/z+r3XgL7dwrOCZ+Y+WxRUFq6TFSqECSn8+gQtRd9CN+
+/+sXjr+TBmVc2FBz06nFGbS72qVVVxKf0krdrqP8u34Ca9nV0686vozcINxH0CzC
+LtGuTCcyqFP+efEbEsC29SlAtQqq0zdTVLmlJF6CmC7yB5wSr0l9BE3nWPDx6OLI
+MXtoqXfdvQiOVQB8WlyP9D+c14Vl4U/ywuTERGl+e+QVSp35jdMju4UJJoMzGsM1
+2+PDm5BG7uuu5iuWQMTlwCBeJTPGhFLYrxTtwQ7zGvXZJdG7kElhzuESwDgo+gol
+i1AHBVS2w800AkStpSxo6El1/RiZJtq0hp1JJI8oWyUuY4zJqKRAQXtymOgH5xae
+o8BF5meg8UmidtQi9woG28o8VRxtfeZIhd/DeM6nuSWtFNdEItzV4ksm89F4Glhy
+oNLR1ufk5BJlG7EPj89w7MIklX70u3Q/LWeJOk6u6TGVxPhrZzOH2k7RMALIlKoB
+b4sZQjwpBaJG8hlJbvSK
+=8G1w
+-----END PGP SIGNATURE-----

Modified: websites/production/camel/content/security-advisories.html
==============================================================================
--- websites/production/camel/content/security-advisories.html (original)
+++ websites/production/camel/content/security-advisories.html Mon Mar 16 21:19:23 2015
@@ -75,7 +75,7 @@
 	<tbody>
         <tr>
         <td valign="top" width="100%">
-<div class="wiki-content maincontent"><h3 id="SecurityAdvisories-2013">2013</h3><ul><li><a
shape="rect" href="security-advisories.data/CVE-2013-4330.txt.asc?version=1&amp;modificationDate=1380633919000&amp;api=v2">CVE-2013-4330</a>
- Writing files using FILE or FTP components, can potentially be exploited by a malicious
user.</li></ul><h3 id="SecurityAdvisories-2014">2014</h3><ul><li><a
shape="rect" href="security-advisories.data/CVE-2014-0002.txt.asc?version=1&amp;modificationDate=1393615569000&amp;api=v2">CVE-2014-0002</a>
- The Apache Camel XSLT component will resolve entities in XML messages when transforming
them using an xslt route.</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0003.txt.asc?version=1&amp;modificationDate=1393615582000&amp;api=v2">CVE-2014-0003</a>
- The Apache Camel XSLT component allows XSL stylesheets to perform calls to external Java
methods.</li></ul></div>
+<div class="wiki-content maincontent"><h3 id="SecurityAdvisories-2015">2015</h3><ul><li><a
shape="rect" href="security-advisories.data/CVE-2015-0264.txt.asc?version=1&amp;modificationDate=1426539191142&amp;api=v2">CVE-2015-0264</a>
- The XPath handling in Apache Camel for invalid XML Strings or invalid XML GenericFile objects
allows remote attackers to read arbitrary files via an XML External Entity (XXE) declaration.
The XML External Entity (XXE) will be resolved before the Exception is thrown.</li><li><a
shape="rect" href="security-advisories.data/CVE-2015-0263.txt.asc?version=1&amp;modificationDate=1426539178647&amp;api=v2">CVE-2015-0263</a>
- The XML converter setup in Apache Camel allows remote attackers to read arbitrary files
via an SAXSource containing an XML External Entity (XXE) declaration.</li></ul><h3
id="SecurityAdvisories-2014">2014</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2014-0003.txt.asc?version=1&amp;modificationDate=1393615582000&amp;api=v2"
 >CVE-2014-0003</a> - The Apache Camel XSLT component allows XSL stylesheets to perform
calls to external Java methods.</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0002.txt.asc?version=1&amp;modificationDate=1393615569000&amp;api=v2">CVE-2014-0002</a>
- The Apache Camel XSLT component will resolve entities in XML messages when transforming
them using an xslt route.</li></ul><h3 id="SecurityAdvisories-2013">2013</h3><ul><li><a
shape="rect" href="security-advisories.data/CVE-2013-4330.txt.asc?version=1&amp;modificationDate=1380633919000&amp;api=v2">CVE-2013-4330</a>
- Writing files using FILE or FTP components, can potentially be exploited by a malicious
user.</li></ul><p>&#160;</p></div>
         </td>
         <td valign="top">
           <div class="navigation">



Mime
View raw message